Cybercriminals continue to refine techniques to bypass traditional email security filters. One of their most common tools is the HTML attachment, an established attack vector that remains effective. A new report from Barracuda Networks shows that 23 percent of all HTML attachments in emails are malicious, making HTML the text format most frequently used by cybercriminals.
The report is based on data from February 2025 and covers nearly 670 million analyzed emails containing malicious content, spam, or other unwanted messages. The findings paint a clear picture of how email remains a central attack surface for cybercrime.
Key findings from the study:
- 20 percent of companies experienced at least one attempted or successful account takeover each month.
- 68 percent of malicious PDFs and 83 percent of malicious Word documents contained QR codes that redirected to phishing sites.
- 12 percent of malicious PDFs were classified as bitcoin sextortion scams.
- Nearly half (47 percent) of all email domains lack DMARC protection—a standard that makes it harder for attackers to spoof or impersonate senders.
- 24 percent of all emails were identified as spam or outright malicious.
“Many organizations still lack basic email protections, making it easy for attackers to reach their users. HTML attachments are often perceived as ‘harmless’ because they are commonly used for legitimate newsletters, invitations, and forms. We also see QR codes continuing to be used to bypass conventional security filters. On top of that, many increase their exposure by not implementing standards such as DMARC,” says Klas Palmér, security expert at Barracuda Networks in Sweden.
Read the full report: 2025 Email Threats Report